Data Breach Guide

It seems a new data breach happens every week. Is it possible to stay on top of it all and make sure you’re not one of the millions of victims of identity theft?

A major data breach of a large company or organization—like the recent Equifax breach—can result in identity theft and fraud, especially when permanent identity information is stolen, like consumers’ Social Security numbers, birthdates, names, and addresses.

Taking quick action when a data breach occurs is the best plan. If you receive an email alert from the breached company, follow included instructions in addition to the steps below. It’s also smart to implement this protocol as soon as you hear of a major breach, instead of waiting to hear from the company.

Put a fraud alert on your credit file and monitor your accounts. Contact one of the three credit reporting bureaus—Experian, Equifax, or TransUnion—and ask them to place a fraud alert on your file (the bureau you contact is required to notify the other two to put a similar alert on their files of you). This is free, and the alert will stay on your file for 90 days. Make a note of the start date in case you want to extend it after the 90-day period.

If you discover you are a victim of the breach and your information is used fraudulently, extend your fraud alert for seven years to combat lingering after-effects of the fraud. Even after a resolution to the larger breach and any misuse of your personal information, remain vigilant. Your information could have been sold to other fraudsters who will attempt to use it years later.

Check your current credit report. Obtain a free copy of your credit report from sites like annualcreditreport.com or any of the three credit bureaus. Review recent activity on credit cards and any new applications for loans or other lines of credit. Someone could have already used your information before the breach was detected and before you initiated the fraud alert.

Consider enrolling in a verified identity protection service.

Contact businesses and organizations that use your personal information. Be proactive and contact your credit union and other financial institutions to let them know your information may be compromised. Many of them can install additional alerts and initiatives to monitor your account activity.

Change your sign-in information with the breached company, including password and username, if possible (also be sure to update your other online profiles that used the same password). Contact the company’s fraud department and get a certified letter from them indicating that your information has been compromised.

Visit the Federal Trade Commission (FTC) website and fill out their identity theft form. Save your reference number and the Identity Theft Affidavit.

Finally, file a report with your local police if you can confirm you have been a victim of identity theft. Save the report number.

This may seem like a lot of paperwork—even if most of it is digital—but each piece may be critical in proving fraudulent activity down the road, and it prevents any malicious activity from staying on your credit report or other important personal file.

You don’t have to wait for an email alert from a breached company to check on the safety and usage of your personal information. For free, and without harming your credit score, you can pull your full credit report from each of the three credit bureaus once a year. To take maximum advantage of this, rotate pulling one report from each bureau every four months. This will give you a continual and up-to-date insight into your credit and identity security.